Network Security (6) Flashcards
Which of the following is not a characteristic of a smurf attack?
Uses the Internet Control Message Protocol
Uses broadcast transmissions
Uses a botnet to bombard the target with traffic
Uses a botnet to bombard the target with traffic
A smurf attack does not use a botnet, which is a group of computers running a remote control malware program without their owners knowing it. The computers participating in a smurf attack are simply processing traffic as they normally would. A smurf attack involves flooding a network with the same ICMP Echo Request messages used by ping but sent to the network’s broadcast address. These messages are also spoofed; the source address field contains the IP address of the computer that is the intended victim. This way, all of the computers receiving the broadcast will send their responses to the victim, flooding its in-buffers
Which of the following types of attacks can be used to enable an intruder to access a wireless network despite the protection provided by MAC filtering?
Spoofing
Brute force
DNS poisoning
Spoofing
Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else. One way of doing this is to modify the MAC address in the packets to one that is approved by the MAC filter. Brute force is the method of repeated guessing, which is impractical with MAC addresses. DNS works with IP addresses, not MAC addresses. War driving is the process of looking for unprotected wireless access points
Which of the following terms refers to a type of denial-of-service (DoS) attack that uses multiple computers to bombard a target server with traffic?
Amplified
Reflective
Distributed
Distributed
A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning
Which of the following terms refers to a type of denial-of-service (DoS) attack that bombards a target server with traffic that requires a large amount of processing?
Amplified
Reflective
Distributed
Amplified
An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning
Which of the following types of attacks are rarely seen anymore because of changes in device design that were specifically designed to prevent them? (Choose all correct answers.)
VLAN hopping
Logic bomb
Phishing
Smurf
VLAN hopping
Smurf
Smurf attacks rely on routers to forward broadcast traffic. Routers no longer forward broadcast messages, so smurf attacks have been rendered ineffective. In the same way, VLAN hopping, which is a method for sending commands to switches to transfer a port from one VLAN to another, is rarely seen because switches are now designed to prevent it. A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. Phishing is the term for a bogus email or website designed to infect users with some type of malware. Both of these are still commonly used attack types
Which of the following terms refers to a type of denial-of-service (DoS) attack that coerces other servers on the Internet into bombarding a target server with traffic?
Amplified
Reflective
Distributed
Reflective
A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning
Which of the following terms refers to a denial-of-service (DoS) attack in which an attacker breaks into a company’s datacenter and smashes its servers with a sledgehammer?
Reflective
Distributed
Permanent
Permanent
Although denial-of-service (DoS) attacks typically involve traffic flooding, any attack that prevents a server from functioning can be called a DoS attack. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning. This can be a physical attack that damages the hardware, or the attacker can disable the server by altering its software or configuration settings. A distributed denial-of-service (DDoS) attack is one in which the attacker uses hundreds or thousands of computers, controlled by malware and called zombies, to send traffic to a single server or website, in an attempt to overwhelm it and prevent it from functioning. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target
A technician in the IT department at your company was terminated today and had to be escorted from the building. Your supervisor has instructed you to disable all of the technician’s accounts, change all network device passwords to which the technician had access, and have the datacenter doors rekeyed. Which of the following terms best describes your supervisor’s concern in asking you to do these things?
Social engineering
Insider threats
Logic bombs
Insider threats
Your supervisor’s concern is that the disgruntled technician might take advantage of his access to devices and facilities to sabotage the network. When an individual takes advantage of information gathered during his or her employment, it is called an insider threat. Social engineering is a form of attack in which an innocent user is persuaded by an attacker to provide sensitive information via email or telephone. A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met. War driving is an attack method that consists of driving around a neighborhood with a computer scanning for unprotected wireless networks
Which of the following terms refers to a denial-of-service (DoS) attack that involves zombies?
Amplified
Reflective
Distributed
Distributed
Distributed DoS attacks use hundreds or thousands of computers that have been infected with malware, called zombies, to flood a target server with traffic, in an attempt to overwhelm it and prevent it from functioning. A reflective DoS attack is one in which the attacker sends requests containing the target server’s IP address to legitimate servers on the Internet, such as DNS servers, causing them to send a flood of responses to the target. A reflective attack does not require infected computers; it takes advantage of the servers’ native functions. An amplified DoS attack is one in which the messages sent by the attacker require an extended amount of processing by the target servers, increasing the burden on them more than simpler messages would. A permanent DoS attack is one in which the attacker actually damages the target system and prevents it from functioning
Which of the following types of attacks can cause a user’s attempts to connect to an Internet website to be diverted to an attacker’s website instead?
ARP poisoning
Spoofing
DNS poisoning
DNS poisoning
DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. Then, when a client attempts to resolve the name of a website or other server, the DNS server supplies the incorrect IP address, causing the client to access the attacker’s server instead. An evil twin is a rogue wireless access point on a network. ARP poisoning is the deliberate insertion of fraudulent information into the ARP cache stored on computers and switches, which can interfere with the resolution of IP addresses into MAC addresses on a local level. Spoofing is the process of modifying network packets to make them appear as though they are transmitted by or addressed to someone else
Which of the following functions can be interfered with by a DNS poisoning attack?
IP address resolution
Name resolution
Password protection
Name resolution
DNS poisoning is a type of attack in which an attacker adds fraudulent information into the cache of a DNS server. This can interfere with the name resolution process by causing a DNS server to supply the incorrect IP address for a specified name. The process of resolving an IP address into a MAC address can be interfered with by ARP poisoning. DNS has nothing to do with passwords or switching
Which of the following statements best describes the difference between an exploit and a vulnerability?
An exploit is a potential weakness in software and a vulnerability is a potential weakness in hardware.
A vulnerability is a potential weakness in a system and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.
An exploit is a potential weakness in a system and a vulnerability is a hardware or software element that is designed to take advantage of a vulnerability.
A vulnerability is a potential weakness in a system and an exploit is a hardware or software element that is designed to take advantage of a vulnerability.
A vulnerability is a weakness, whether in software or hardware, of which an exploit is designed to take advantage. Neither term is specific to hardware or software
In testing the new application he has designed, Ralph has discovered that it contains a weakness that could enable an attacker to gain full administrative access. Which of the following is another term for this weakness?
Exploit
Mitigation
Vulnerability
Vulnerability
A vulnerability is a potential weakness in a system that an attacker can use to his or her advantage. An exploit is a hardware or software element that is designed to take advantage of a vulnerability. A mitigation is a form of defense against attacks on system security. A honeypot is a computer configured to function as bait for attackers, causing them to waste their time penetrating a resource that provides no significant access
An early form of denial-of-service (DoS) attack called for the attacker to bombard the network with altered ping requests sent to the broadcast address. Which of the following is the name of this type of attack?
Smurf
Phishing
Evil twin
Smurf
In a smurf attack, the attacker sends ping requests, which use the Internet Control Message Protocol (ICMP), to the broadcast address. The request messages are altered to appear as though sent by the designated target so that all of the replies are sent to that system. Phishing is the term for a bogus email or website designed to infect users with some type of malware. An evil twin is a fraudulent access point on a wireless network. A fraggle attack is similar to a smurf attack, except that it uses User Datagram Protocol (UDP) traffic instead of ICMP
Which of the following attack types is similar to a smurf attack, except that it uses a different protocol to generate its traffic?
Evil twin
Logic bomb
Fraggle
Fraggle
A fraggle attack is similar to a smurf attack in that the attacker generates a large amount of spoofed broadcast traffic that appears to have been sent by the target system. All of the replies to the broadcasts are then transmitted to the target. The difference between a fraggle and a smurf attack is that a fraggle attack uses User Datagram Protocol (UDP) traffic instead of ICMP. Phishing is the term for a bogus email or website designed to infect users with some type of malware. An evil twin is a fraudulent access point on a wireless network. A logic bomb is a code insert placed into a legitimate software product that triggers a malicious event when specific conditions are met